CVE-2019-18922

Name of the Vulnerable Software and Affected Versions Allied Telesis AT-GS950/8 versions prior to Firmware AT-S107 V.1.1.3 [1.00.047]

Description A Directory Traversal issue in the Web interface allows unauthenticated attackers to read arbitrary system files via a GET request. This issue affects an End-of-Life product.

Recommendations For Allied Telesis AT-GS950/8 versions prior to Firmware AT-S107 V.1.1.3 [1.00.047], update to Firmware AT-S107 V.1.1.3 [1.00.047] or later to resolve the issue. As a temporary workaround, consider restricting access to the Web interface until a patch is applied.